REMARKS

This Amendment is submitted in response to the Examiner's Action mailed
October 23, 2002, with a shortened statutory period of three months set to expire January
23, 2003.

Applicants claim a method, system, and product for securing a transaction in
order to prevent fraudulent transactions. Applicants claim the smart card being initialized
by a credit card issuer by storing a secret master key and client information on the card.
A copy of this master key is also stored within the credit card issuer. The master key is
associated with the client information. The master key is kept secret. A digest is created
by the smart card using the client information and the master key. This digest is then sent
to the credit card issuer.

The credit card issuer then generates its own digest using the copy of the master 
key stored by the credit card issuer and the client information. If the digest generated by 
the credit card issuer matches the digest sent by the merchant, the transaction is 
authorized. 
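
The digest flow summarized above, as an added illustration that is not part of the filing: the card and the issuer each compute a keyed digest and the issuer compares them. The use of HMAC-SHA-256, the length-prefixed field encoding, the inclusion of merchant information (as in the billing-digest claims), and all class, function and sample names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def _encode(*fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never hash alike.
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def make_digest(master_key: bytes, client_info: str, merchant_info: str) -> str:
    # Assumption: HMAC-SHA-256 as the keyed hash; the filing only says "hashing".
    msg = _encode(client_info, merchant_info)
    return hmac.new(master_key, msg, hashlib.sha256).hexdigest()

class SmartCard:
    def __init__(self, client_info: str, master_key: bytes):
        self.client_info = client_info
        self._master_key = master_key      # never leaves the card

    def billing_digest(self, merchant_info: str):
        digest = make_digest(self._master_key, self.client_info, merchant_info)
        return digest, merchant_info, self.client_info

class Issuer:
    def __init__(self):
        self._keys = {}                    # client_info -> copy of the master key

    def initialize_card(self, client_info: str) -> SmartCard:
        key = secrets.token_bytes(32)      # secret, unchanged after issuance
        self._keys[client_info] = key
        return SmartCard(client_info, key)

    def authorize(self, client_info: str, merchant_info: str, digest: str) -> bool:
        key = self._keys.get(client_info)  # look up the key by client information
        if key is None:
            return False
        expected = make_digest(key, client_info, merchant_info)
        return hmac.compare_digest(expected, digest)  # constant-time comparison

if __name__ == "__main__":
    issuer = Issuer()
    card = issuer.initialize_card("acct-0001")          # constructed sample value
    d, m, c = card.billing_digest("merchant-42|txn-7")  # constructed sample value
    print("genuine:", issuer.authorize(c, m, d))
    print("no key :", issuer.authorize(c, m, make_digest(b"\x00" * 32, c, m)))
```

A digest computed without the card's master key, or presented with different merchant information, fails the issuer's comparison even though the client information itself is known.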

The Examiner rejected claims 1-40 under 35 U.S.C. § 103(a) as being
unpatentable over U.S. Patent 5,317,636 issued to Vizcaino, in view of U.S. Patent
5,530,232 issued to Taylor and U.S. Patent 5,850,446 issued to Berger. This rejection is
respectfully traversed.

Vizcaino describes a smart card that includes an ever-changing verification
number. This number is then encrypted and sent to the computer which is to verify the
transaction. The smart card and the computer both keep a copy of the verification
number. They both increment their numbers after each transaction. After receiving an
encrypted number, the computer decrypts the received encrypted number. The computer
then compares the decrypted number to its stored number. If they match, the transaction
is approved. This verification number is the only thing used by Vizcaino to authenticate
the transaction.

Further, the verification number is not kept secret by Vizcaino. In fact, Vizcaino
teaches away from keeping this number secret. The number is displayed in a window by
the card, and is thus very easily obtained.

McCowu et al. 09/598,777


Applicants describe using a secret master key as well as client information to
create the digest that the smart card sends to the credit card issuer. The credit card issuer
uses this digest to authenticate the transaction. If the master key is publicly available and
not secret, the master key is of no use in the authentication process. If anyone can easily
obtain the master key, the credit card issuer would not be able to verify that the
transaction is not fraudulent.

In addition, the master key claimed by Applicants does not change over time. The
verification code described by Vizcaino changes after each transaction. This verification
number must change after each transaction because the number is made public.

Vizcaino does not describe, teach, or suggest a digest. It does not describe, teach,
or suggest using a secret master key and client information to create a digest. It does not
describe, teach, or suggest a master key that remains unchanged.

Taylor describes a multi-application smart card. Taylor does not describe the
smart card creating a digest. Taylor does not describe the smart card creating a digest
using a secret master key and client information, where a copy of the master key is kept
by the credit card issuer that initialized the smart card by storing the master key on the
smart card.

Berger describes a customer computer transmitting a digest to a payment
computer. The purpose of this digest is to ensure that the data that accompanies the
digest has not been changed during its transmission. "Message digests help verify that a
message has not been altered because altering the message would change the digest."
See Column 16, lines 31-33.

The digest is created by Berger using public keys. By definition these keys are
publicly available. Berger teaches away from using a secret key to create the digest. The
digest is then encrypted by the merchant's private key. However, the digest itself is
created using the public keys.

Therefore, Berger does not describe, teach, or suggest creating a digest using a 
secret master key. Berger does not describe, teach, or suggest the master key being 
stored by the credit card issuer. Berger does not describe, teach, or suggest the key used 
to create the digest of Berger being associated with client information. 

The Examiner states that the teachings of Berger could be applied to a smart card.
Applying the teachings of Berger to a smart card does not render Applicants' claims
unpatentable. The digest of Berger does not help prevent fraudulent transactions. It
helps ensure that a transmitted message is not altered during transmission. Combining
the digest of Berger with a smart card would only ensure that the data transmitted from
the smart card was received unchanged by the receiver.

It is respectfully urged that the subject application is patentable over Vizcaino, 
Taylor, and Berger in combination and is now in condition for allowance. 

The Examiner is invited to call the undersigned at the below-listed telephone
number if in the opinion of the Examiner such a telephone conference would expedite or
aid the prosecution and examination of this application.


DATE

Respectfully submitted,

Lisa L.B. Yociss
Reg. No. 36,975
Carstens, Yee & Cahoon, LLP
P.O. Box 802334
Dallas, TX 75380
(972) 367-2001
Attorney for Applicants

REDACTED CLAIMS:

1. (Amended) A method for securing a transaction in order to prevent fraudulent
transactions, said method comprising:

receiving, prior to the transaction, a secret master key from a third party, wherein
the master key remains unchanged and is kept secret, and is not altered after the
transaction, the third party storing a copy of the master key;

receiving a request for a digest from a requestor;

retrieving the [a] master key;

retrieving unique client information;

the client information being associated with the master key;

creating the digest by hashing the unique client information and the master key;
and

returning the digest and the unique client information to the requestor, wherein
the digest and the unique client information will be used for transacting with the [a] third
party.

8. (Amended) A method for securing a transaction in order to prevent fraudulent
transactions, said method comprising:

initializing a smart card by receiving within the card a secret master key from a
credit card issuer, the master key being kept secret;

receiving, into the [a] smart card, a data transmission from a merchant, wherein
the data transmission includes unique merchant information, and a request for a billing
digest;

retrieving unique client information, from the smart card memory;

retrieving [a] the master key, the master key being known to the [a] credit card
issuer;

creating the billing digest by hashing the unique client information, the master 
key and the unique merchant information onboard the smart card; and 

passing the billing digest, the unique merchant information and the unique client 
information to the requestor. 

11. (Amended) A method for securing a transaction in order to prevent fraudulent
transactions, said method, comprising:

ijiitjiUj/in£,p^^ i )lC car(t a secrct m aslc C ^ e V fron ?.-a 

credit .cajdJssucLj]}^^^ 

sending a data transmission to the [a client's] smart card, wherein the data 
transmission includes unique merchant information and a request for a billing digest; 

receiving the billing digest, the unique merchant information and unique client
information from the [client's] smart card, the billing digest being hashed from the unique
merchant information, unique client information and the master key [secret information]
from the [client's] smart card; and

transmitting the unique merchant information and unique client information from
the [client's] smart card to a credit card issuer.

13. (Amended) A method for securing a transaction in order to prevent fraudulent
transactions, said method comprising:

reivin g, prior to the transaction, a secret mastcxk&limPlAllli^
nj^nrfgrkgy remains unchanged, and is not altered after the transaction, the third party
storing a copy of the master key within the third party, the master key being kept secret;

receiving, by the third party, a transaction request from a requestor, wherein the
request includes a digest and unique client information;

the client information being associated with the master key;

accessing [a] the copy of the master key based on the unique client information;

creating an authorization digest by hashing the unique client information and the
copy of the master key;

comparing, by the third party, the authorization digest with the digest from the
requestor; and

returning a response to the requestor from the third party, the content of the
response being based on an outcome of the comparison of the authorization digest with
the digest from the requestor.

19. (Amended) The method recited in claim 13 above, wherein the third party is a
credit card issuer, the transaction is a credit card transaction and the requestor is a
merchant, further wherein the requestor information includes information describing at
least one of a merchant identifier which is specific to the credit card issuer, a transaction
identifier which is specific to the credit card issuer and purchase information which is
specific to a purchase initiated by the client.

20. (Amended) A method for securing a transaction in order to prevent fraudulent
transactions, said method comprising:

generating a billing digest in a customer's smart card, the billing digest being
hashed from merchant information, customer information and a secret master key;

receiving the master k cyjromjLcrc^^ upon an initialization of the
smart card by the credit card issuer, the master key being associated with the customer
information;

creating an authentication digest by the credit card issuer, wherein the 
authentication digest is hashed from the merchant information, customer information and 
a master key associated with the customer information; 

comparing the authorization digest with the billing digest; and 
authorizing a transaction based on the comparison of the authorization digest with 
the billing digest. 

22. (Amended) A smart card for conducting secure transactions in order to prevent
fraudulent transactions comprising:

a input/output mechanism;

a processor; and

a memory containing:

financial account information;

a secret master key received upon initialization of the smart card, the master key
remaining unchanged throughout the use of the smart card, the master key being received
from a third party;

functional hashing algorithm;

an executable application, for executing on the processor, for invoking the
functional hashing algorithm, wherein the functional hashing algorithm creates a digest
from the financial account information and the master key and further wherein the
executable application transmits, via the input/output mechanism, the digest and the
financial account information to a requestor for approval by the third party.

23. (Amended) A system for conducting secure transactions in order to prevent
fraudulent transactions comprising:

a client smart card for creating a billing digest from a resident client information,
a resident secret master key and imported merchant information;

the master key being received from a financial institution upon initialization of the
smart card, the master key remaining unchanged after use of the smart card, the master
key being kept secret, and the master key being associated with the resident client
information;

a merchant system for requesting the billing digest and for passing secure
transaction information and the billing digest to the [a] financial institution, wherein the
transaction information comprises the client information, and the imported merchant
information; and

[a] the financial institution for receiving the transaction information and billing
digest and for authorizing a transaction by:

accessing a master key stored within the financial institution based on the client
information;

creating an authorization digest from the master key stored in the financial
institution, the client information and the merchant information; and

comparing the authorization billing digest with the billing digest.

24. (Amended) A system for securing a transaction in order to prevent fraudulent
transactions comprising:

receiving means for receiving a secret master key from a third party prior to
the transaction, the master key remaining unchanged after the transaction, the master key
being kept secret;

receiving means for receiving a request for a digest from a requestor;

retrieving means for retrieving [a] the master key;

retrieving means for retrieving unique client information;

the client information being associated with the master key;

creating means for creating the digest by hashing the unique client information
and the master key; and

returning means for returning the digest and the unique client information to the
requestor, wherein the digest and the unique client information will be used for
transacting with the [a] third party.

32. (Amended) A system for securing a transaction in order to prevent fraudulent
transactions comprising:

providing means for providing from a third party a secret master key to a client,

lhejyiast„exk^jcrr^^ 

receiving means for receiving a transaction request from a requestor, wherein the 
request includes a digest and unique client information, flejliscjt^^ 

the master key proyi.d<aUgJh.S^uU^^ 

the unique client information being associated with the master key;

accessing means for accessing, by the third party, a master key stored within the
third party based on the unique client information;

creating means for creating an authorization digest by hashing the unique client
information and the master key;

comparing means for comparing the authorization digest with the digest from the
requestor; and

returning means for returning a response to the requestor, the content of the
response being based on the outcome of the comparison of the authorization digest with
the digest from the requestor.

39. (Amended) A computer program product for securing a transaction in order to
prevent fraudulent transactions embodied on a computer readable medium comprising:

providing instructions for providing from a third party a secret master key, the
master key remaining unchanged after the transaction;

receiving instructions for receiving a request for a digest from a requestor;

retrieving instructions for retrieving the [a] master key;

retrieving instructions for retrieving unique client information;

the master key being associated with the client information;

creating instructions for creating the digest by hashing the unique client
information and the master key; and

returning instructions for returning the digest and the unique client information to
the requestor, wherein the digest and the unique client information will be used for
transacting with [a] the third party.

40. (Amended) A computer program product for securing a transaction in order to
prevent fraudulent transactions embodied on a computer readable medium comprising:

initializing instructions for initializing a smart card by receiving within the card a
secret master key from a credit card issuer;

receiving instructions for receiving, into [a] the smart card, a data transmission 
from a merchant, wherein the data transmission includes unique merchant information, 
and a request for a billing digest; 

retrieving instructions for retrieving unique client information, from the smart
card memory;

thomau^ with the master key;

retrieving instructions for retrieving [a] the master key, the master key being
provided by the [known to a] credit card issuer;

creating instructions for creating the billing digest by hashing the unique client 
information, the master key and the unique merchant information onboard the smart card; 
and 

passing instructions for passing the billing digest, the unique merchant
information and the unique client information to the requestor.